Destiny 2

How Bungie Identified a Mass Mailer of Fake DMCA Notices *TorrentFreak

Earlier this year, Bungie and its enthusiastic community of Destiny fans were thrown into chaos.

Weaponizing the DMCA’s takedown process, unknown individuals sent copyright notices to YouTube claiming that the targeted videos should be taken down for violating Bungie’s rights.

YouTube has started removing videos, including some uploaded by high-profile Destiny content creators. Other advisories targeted Bungie’s own channels, causing confusion and frustration within the Destiny community.

While Bungie supports fan-created content and allow videos to upload to YouTube, a growing number of fans came to the conclusion that Bungie was somehow to blame. With its reputation at stake, Bungie launched an excessive investigation and later confirmed that the takedown notices were all fraudulent and that it was not responsible.

In late March, Bungie took the unusual step of filing a lawsuit in a Washington court. This revealed in detail how two Google Gmail accounts were created to impersonate Bungie’s anti-piracy partner, CSC. The accounts were then used to send masses of fraudulent takedown notices to YouTube.

The scale of the disruption caused was significant, and Bungie’s language in the complaint didn’t pack a punch. In addition to damages related to the fraudulent reviews, the company has accrued additional claims for copyright infringement, misrepresentation, commercial defamation, breach of contract and violation of consumer protection law.

The immediate challenge for Bungie was that the company didn’t know or couldn’t prove the identity of the culprit before filing the lawsuit. A first amended lawsuit filed by Bungie this week moves things forward significantly by naming a single defendant as liable. It also reveals how Bungie tracked down and identified the architect of the DMCA fraud scheme as one of its own clients.

Bungie gets to work

Bungie’s early attempts to get information from Google/YouTube ran into problems. The company attempted to subpoena Google using the DMCA, but the chosen mechanism only allowed Bungie to identify an alleged copyright infringer, not the submitter of allegedly abusive DMCA notices.

Google initially refused to comply, but after some work Bungie started getting the information it was looking for earlier this month.

On June 10, 2022, Google released “important information” about the accounts used to send the fraudulent reviews, including [email protected] (Wiland account) and [email protected] (Reynolds account). Google also provided a list of all takedown notices sent through the accounts, copies of all correspondence between Google and the accounts, and a log of the IP addresses used to access them.

Logs revealed that the Wiland and Reynolds accounts were constantly accessible from a particular IP address (ending in .241), traceable to Consolidated Communications, a residential ISP serving Rocklin, California. On March 22, the Reynolds account logged out of Google and less than a second later the Wiland account logged in, suggesting the same person was behind both accounts.

But Bungie had more. Much more.

IP addresses correspond to official accounts, physical assets

The same .241 IP address mentioned above was also used to send abusive emails to Bungie’s anti-piracy vendor, CSC. Even more problematic was its association with two official Destiny 2 accounts.

One of these accounts made a physical purchase of the Destiny 2: The Witch Queen OST. This was then delivered to a physical address in Rocklin. The purchase came with a bonus download link for an emblem, emailed to the buyer. The recipient clicked the link and Bungie logged the same .241 IP address.

By now the network was almost completely shut down, but in terms of proof, Bungie was far from done. The clickable link of the emblem has been sent to [email protected] and during the chaos of the fake review campaign, a YouTuber called “Lord Nazo” was hit with a fraudulent DMCA review, sent by the Wiland Google account.

Seemingly angered by this injustice, Lord Nazo returned a DMCA counter-notification to YouTube in which he criticized the wave of fake notifications and claimed that his video did not infringe as it was a “transformative use case fair”.

Lord Nazo’s counter-notice contained his email – [email protected] – matching it to the Destiny account at Bungie. It also contained a physical address in Rocklin, California. Whether negligently or on purpose, it also featured his real name: Nick Minor.

From bad to worse and beyond

By December 2021, then blissfully unaware of the chaos to come, Bungie was already having trouble with Nick Minor and his “Lord Nazo” YouTube channel.

Bungie’s anti-piracy provider CSC has targeted the channel with a DMCA takedown after it released The Last Stand, a Taken King OST track. It took until January 25, 2022 for the video to be deleted and on the same day Minor created the Wiland Google account which was then used to send some of the fake reviews.

After purchasing the Witch Queen OST and taking delivery of it from Rocklin, Minor began uploading tracks from the OST to his “Lord Nazo” YouTube channel. Around March 2, 2022, CSC initiated a series of 41 DMCA takedowns, 23 of which targeted underage uploads. A day later, YouTube terminated his channel for recidivism.

Minor took to Twitter and complained directly to Bungie, asking the company to withdraw the copyright complaints so he could get his YouTube account back. On March 16, Minor tweeted again.

“It is getting out of control. Bungie needs to rectify these copyright removals and lock down its brand management,” he wrote.

A day later, a wave of fraudulent reviews were submitted to YouTube; 36 from the Wiland account and one from another Google account, [email protected] (Averz account). Bungie believes that Minor intended to use the Reynolds account to send this notice, as shortly thereafter an identical notice was also sent from the Reynolds account.

It’s unclear if the account switch played a role, but on March 18, Google flagged both reviews as fraudulent and asked Minor to provide documentation proving his identity. Minor then moved on to the Wiland account to send more fraudulent notices and when pressured by Google to prove his identity on the Wiland and Averz accounts, Minor withdrew those specific takedown notices.

Stir up controversy, play the victim, make it worse

On the day Google requested documents from Minor, he used his “Lord Nazo” Twitter account to message Bungie accounts. “It seems it’s not just the music community that’s been affected. 2 non-music channels can’t be a mistake,” he tweeted. “Either someone is making false copyright claims on behalf of @Bungie or their CSC is out of whack.”

On March 20, Minor responded to Bungie’s tweet informing its Destiny community that the company was not behind the takedown campaign. “I just knew it wasn’t you guys,” he tweeted at Bungie. “I just couldn’t believe you would do this to us after 8 years. I’m so glad I was right.

Three days later, Minor tweeted on YouTube: “@TeamYouTube People with Destiny 2 content on their channels have been victims of fake takedowns and even Bungie confirms that the takedowns are not legit. My channel has even been shut down because of all these fake withdrawals. Is there anything you can do about it?”

Minor then tweeted again at Bungie, complaining that his videos had not yet been restored. On March 26, in another YouTube tweet, Minor demanded that his videos be restored because the DMCA notices in question were false. They were genuine, Bungie had sent them earlier.

VPN deployment came too late

At this point, news of Bungie’s lawsuit began to surface online, leading to Minor accessing Wiland and Reynolds accounts using a VPN. But of course, VPNs can’t fix past mistakes and if so, they probably wouldn’t have helped Minor get away with his campaign, even if he had used one from the start.

For example, Minor’s use of the same email addresses across multiple sites started a long time ago. As part of its investigation, Bungie accessed data made public following the 2016 breach of hacking and cheat site The company found three email addresses in the database linking Minor to the bogus DMCA campaign.

The first one – [email protected] – was specified in the order for California OST delivery. It was also used to issue the YouTube counter-notice linking Minor to the “Lord Nazo” channel, which in turn gave up Minor’s real name and physical address.

The second – [email protected] – was mistakenly used to send a fake DMCA notice and the third – [email protected] – was the email address Minor used to open his Destiny account at Bungie.

Bungie’s Amended Complaint, Seeking At Least $7.65 Million, Can Be Found here (pdf)

#Bungie #Identified #Mass #Mailer #Fake #DMCA #Notices #TorrentFreak

Leave a Comment

Your email address will not be published. Required fields are marked *